Eligibility Expands for IE Web Certificate

Smaller and newer businesses will now be able to get security certificates
that trigger a green address bar in Microsoft browsers under new rules ratified
this week.

Since they became
available late last year, the so-called extended-validation certificates
have generally been available only to larger companies -- those listed in public
databases.

Security companies and browser manufacturers through the Certification Authority/Browser
Forum have been hammering out procedures for general partnerships, unincorporated
associations, sole proprietorships and individuals as well.

"There are some new steps introduced," said Markellos Diorinos, a
product manager with Microsoft Corp. "They need face-to-face validation."

New guidelines call for smaller merchants to produce documents such as a driver's
license or a bank statement, according to certificate issuer Comodo. A lawyer
or a notary would have to review those documents.

The extended-validation, or EV, system is designed partly to address the rise
of "phishing" scams in which Web sites try to mimic legitimate businesses
to steal passwords and other sensitive data.

Although certificate issuers used to always check to make sure sites were really
what they said they were, newer competitors have tried to cut costs by checking
only that the site owns the domain name. Normal certificates may still be issued
that way, but the EV ones are reserved only for merchants that pass more rigorous
screening.